# Common settings for building Trusted Firmware-A (TF-A) from git.
DESCRIPTION = "Trusted Firmware-A"
LICENSE = "BSD-3-Clause & MIT"

PACKAGE_ARCH = "${MACHINE_ARCH}"

inherit deploy

# Upstream repository, fetched over https. Assigned with ?= so that a layer or
# local configuration can point the fetch at a different location (for example
# an internal mirror).
SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
# NOTE(review): a branch is a moving ref and no SRCREV is set in the lines
# shown here. The firmware that gets built is only reproducible and auditable
# if SRCREV_tfa is pinned to a full commit hash elsewhere, presumably in the
# versioned recipe that includes this file - confirm.
SRCBRANCH = "master"
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}"

# Only tags of the form v<number>.<number>[.<number>...] count as releases
# for the upstream version check.
UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"

# "tfa" is the name= given to the TF-A entry in SRC_URI above.
SRCREV_FORMAT = "tfa"

# Placeholder value; assigned with ?= so a machine-specific configuration
# can replace it.
COMPATIBLE_MACHINE ?= "invalid"
| 17 | |
# Platform must be set for each machine
# (passed to the TF-A make as PLAT=, see EXTRA_OEMAKE further down)
TFA_PLATFORM ?= "invalid"

# Some platforms can have multiple board configurations
# Leave empty for default behavior
TFA_BOARD ?= ""

# Some platforms use SPD (Secure Payload Dispatcher) services
# Some options are "opteed", "tlkd", "trusty", "tspd", "spmd"...
# Leave empty to not use SPD
TFA_SPD ?= ""

# Variable used when TFA_SPD=spmd
TFA_SPMD_SPM_AT_SEL2 ?= "1"

# SP layout file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
TFA_SP_LAYOUT_FILE ?= ""

# SPMC manifest file location. Used when TFA_SPD=spmd and TFA_SPMD_SPM_AT_SEL2=1
TFA_ARM_SPMC_MANIFEST_DTS ?= ""

# Build for debug (set TFA_DEBUG to 1 to activate)
# When set to 1, DEBUG=1 is passed to make and the outputs are read from the
# "debug" build directory instead of "release" (see BUILD_DIR).
# NOTE(review): a debug build is normally a development artifact; keep this
# at 0 for images that ship unless the platform explicitly requires it.
TFA_DEBUG ?= "0"

S = "${WORKDIR}/git"
B = "${WORKDIR}/build"

# mbed TLS support (set TFA_MBEDTLS to 1 to activate)
TFA_MBEDTLS ?= "0"
# sub-directory in which mbedtls will be downloaded
TFA_MBEDTLS_DIR ?= "mbedtls"
# This should be set to MBEDTLS download URL if MBEDTLS is needed
# NOTE(review): SRCREV_FORMAT gets a "_mbedtls" suffix below, which suggests
# the URL is expected to carry name=mbedtls together with a pinned
# SRCREV_mbedtls - confirm in the recipe that sets this variable. The crypto
# library that ends up in the firmware should be fixed to a reviewed revision.
SRC_URI_MBEDTLS ??= ""
# This should be set to MBEDTLS LIC FILES checksum
LIC_FILES_CHKSUM_MBEDTLS ??= ""
# add MBEDTLS to our sources if activated
# (with TFA_MBEDTLS=1 and SRC_URI_MBEDTLS still empty, nothing is added here)
SRC_URI:append = " ${@bb.utils.contains('TFA_MBEDTLS', '1', '${SRC_URI_MBEDTLS}', '', d)}"
# Update license variables
LICENSE:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' & Apache-2.0', '', d)}"
LIC_FILES_CHKSUM:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', ' ${LIC_FILES_CHKSUM_MBEDTLS}', '', d)}"
# add mbed TLS to version
SRCREV_FORMAT:append = "${@bb.utils.contains('TFA_MBEDTLS', '1', '_mbedtls', '', d)}"
| 60 | |
# U-boot support (set TFA_UBOOT to 1 to activate)
# When U-Boot support is activated BL33 is activated with u-boot.bin file
# NOTE(review): TFA_UBOOT, TFA_UEFI and TFTF_TESTS each append their own
# BL33= argument to EXTRA_OEMAKE further down; enable only one of them per
# build so it is unambiguous which non-secure payload is packaged.
TFA_UBOOT ??= "0"

# UEFI support (set TFA_UEFI to 1 to activate)
# When UEFI support is activated BL33 is activated with uefi.bin file
TFA_UEFI ??= "0"

# What to build
# By default we only build bl1, do_deploy will copy
# everything listed in this variable (by default bl1.bin)
# Each word is passed to make as a separate target by do_compile.
TFA_BUILD_TARGET ?= "bl1"

# What to install
# do_install and do_deploy will install everything listed in this
# variable. It is set by default to TFA_BUILD_TARGET
# The literal target "all" is rejected by do_install.
TFA_INSTALL_TARGET ?= "${TFA_BUILD_TARGET}"
| 78 | |
# Requires CROSS_COMPILE set by hand as there is no configure script
export CROSS_COMPILE="${TARGET_PREFIX}"

# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application
# NOTE(review): with these variables unexported, flags the build system would
# normally supply through them do not reach the TF-A make environment; the
# options the firmware is compiled and linked with are decided by the TF-A
# Makefile and the arguments in EXTRA_OEMAKE.
CFLAGS[unexport] = "1"
LDFLAGS[unexport] = "1"
AS[unexport] = "1"
LD[unexport] = "1"

# No configure
do_configure[noexec] = "1"

# Baremetal, just need a compiler
DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"

# We need dtc for dtbs compilation
# We need openssl for fiptool
DEPENDS = "dtc-native openssl-native"
# Added only when the clang toolchain override is active.
DEPENDS:append:toolchain-clang = " compiler-rt"
| 98 | |
# CC and LD carry arguments that conflict with the ones this recipe passes
# itself, so only the leading part of each variable (everything before the
# first option word) is handed to make.
def remove_options_tail (in_string):
    """Return the words of in_string that precede the first option word.

    The string is split on single spaces. Words are kept in order until one
    starts with '-'; that word and everything after it are dropped. The kept
    words are joined back with single spaces.
    """
    leading_words = []
    for word in in_string.split(' '):
        if word.startswith('-'):
            # First option found: the rest of the string is the "tail".
            break
        leading_words.append(word)
    return ' '.join(leading_words)
| 105 | |
# Arguments handed to the TF-A make through EXTRA_OEMAKE.

# Only the words of LD and CC that come before the first option are passed on.
# NOTE(review): any option the build system keeps inside CC or LD is dropped
# here and is not applied to the firmware build.
EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}"

EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}"

# Verbose builds, no -Werror
# NOTE(review): with E=0 compiler warnings do not fail the build, so they
# have to be looked for in the (verbose) log.
EXTRA_OEMAKE += "V=1 E=0"

# Add platform parameter
EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"

# Handle TFA_BOARD parameter
# (TARGET_BOARD= is only passed when TFA_BOARD is non-empty)
EXTRA_OEMAKE += "${@'TARGET_BOARD=${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"

# Handle TFA_SPD parameter
# (SPD= is only passed when TFA_SPD is non-empty)
EXTRA_OEMAKE += "${@'SPD=${TFA_SPD}' if d.getVar('TFA_SPD') else ''}"

# If TFA_SPD is spmd, set SPMD_SPM_AT_SEL2
EXTRA_OEMAKE += "${@'SPMD_SPM_AT_SEL2=${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"

# Handle TFA_DEBUG parameter
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_DEBUG', '1', 'DEBUG=${TFA_DEBUG}', '', d)}"

# Handle MBEDTLS
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_MBEDTLS', '1', 'MBEDTLS_DIR=${TFA_MBEDTLS_DIR}', '', d)}"

# Uboot support
# BL33 is taken from the image deploy directory, so do_compile is made to
# wait for u-boot:do_deploy.
DEPENDS += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot', '', d)}"
do_compile[depends] += " ${@bb.utils.contains('TFA_UBOOT', '1', 'u-boot:do_deploy', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UBOOT', '1', 'BL33=${DEPLOY_DIR_IMAGE}/u-boot.bin', '', d)}"

# UEFI support
# BL33 is taken from /firmware in this recipe's sysroot.
DEPENDS += " ${@bb.utils.contains('TFA_UEFI', '1', 'edk2-firmware', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('TFA_UEFI', '1', 'BL33=${RECIPE_SYSROOT}/firmware/uefi.bin', '', d)}"

# TFTF test support
# TFTF_TESTS has no default in the lines shown here; it only takes effect
# when something else sets it to 1.
# NOTE(review): this is a third source of BL33=; it sets a test payload and
# should not be combined with TFA_UBOOT or TFA_UEFI.
DEPENDS += " ${@bb.utils.contains('TFTF_TESTS', '1', 'tf-a-tests', '', d)}"
EXTRA_OEMAKE += "${@bb.utils.contains('TFTF_TESTS', '1', 'BL33=${RECIPE_SYSROOT}/firmware/tftf.bin', '',d)}"

# Hafnium support
# SEL2_SPMC carries the value of TFA_SPMD_SPM_AT_SEL2 when TFA_SPD is "spmd"
# and is empty otherwise.
SEL2_SPMC = "${@'${TFA_SPMD_SPM_AT_SEL2}' if d.getVar('TFA_SPD', True) == 'spmd' else ''}"

DEPENDS += " ${@bb.utils.contains('SEL2_SPMC', '1', 'hafnium', '', d)}"

# BL32 is taken from /firmware in this recipe's sysroot.
EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'CTX_INCLUDE_EL2_REGS=1 ARM_ARCH_MINOR=4 BL32=${RECIPE_SYSROOT}/firmware/hafnium.bin', '', d)}"

# Add SP layout file and spmc manifest for hafnium
# (each argument is only passed when the corresponding variable is non-empty)
EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'SP_LAYOUT_FILE=${TFA_SP_LAYOUT_FILE}' if d.getVar('TFA_SP_LAYOUT_FILE') else '', '', d)}"

EXTRA_OEMAKE += "${@bb.utils.contains('SEL2_SPMC', '1', 'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"

# Tell the tools where the native OpenSSL is located
EXTRA_OEMAKE += "OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
# Use the correct native compiler
EXTRA_OEMAKE += "HOSTCC='${BUILD_CC}'"

# Runtime variables
EXTRA_OEMAKE += "RUNTIME_SYSROOT=${STAGING_DIR_HOST}"

# Directory do_install reads the build outputs from:
# <B>/<TFA_PLATFORM>[/<TFA_BOARD>]/<debug|release>
BUILD_DIR = "${B}/${TFA_PLATFORM}"
BUILD_DIR .= "${@'/${TFA_BOARD}' if d.getVar('TFA_BOARD') else ''}"
BUILD_DIR .= "/${@'debug' if d.getVar("TFA_DEBUG") == '1' else 'release'}"
| 167 | |
# Patch the host-tool Makefiles, then build each requested TF-A target in turn.
do_compile() {
    # This is still needed to have the native tools executing properly by
    # setting the RPATH
    # Each sed appends a reference to BUILD_LDFLAGS or BUILD_CFLAGS to the
    # end of the matching Makefile line; the backslashes presumably keep the
    # reference literal so that it is resolved when make runs - confirm.
    # NOTE(review): the edits are made in place in the source tree and are not
    # guarded, so running this task again on the same tree appends the
    # reference a second time.
    sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
    sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
    sed -i '/^LIB/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/cert_create/Makefile

    # Currently there are races if you build all the targets at once in parallel
    # so every word of TFA_BUILD_TARGET gets its own make invocation.
    for T in ${TFA_BUILD_TARGET}; do
        oe_runmake -C ${S} $T
    done
}
# The build directory is emptied before do_compile runs.
do_compile[cleandirs] = "${B}"
| 181 | |
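# Stage the requested build outputs under /firmware in the image directory.
#
# For every word in TFA_INSTALL_TARGET the build directory is searched for
# <target>.bin, <target>/<target>.elf, a file named <target> and
# fdts/<target>.dtb. The first three are installed with the platform name
# appended and a symlink under the plain name; a .dtb keeps its name.
# A target that matches nothing fails the task, as does the target "all".
#
# All path expansions are quoted (the .dtb branch already was) so that a
# target name or build path containing whitespace or glob characters cannot
# be split or expanded into extra arguments of test, install or ln.
do_install() {
    install -d -m 755 "${D}/firmware"
    for atfbin in ${TFA_INSTALL_TARGET}; do
        processed="0"
        if [ "$atfbin" = "all" ]; then
            # Target all is not handled by default
            bberror "all as TFA_INSTALL_TARGET is not handled by do_install"
            bberror "Please specify valid targets in TFA_INSTALL_TARGET or"
            bberror "rewrite or turn off do_install"
            exit 1
        fi

        if [ -f "${BUILD_DIR}/$atfbin.bin" ]; then
            echo "Install $atfbin.bin"
            install -m 0644 "${BUILD_DIR}/$atfbin.bin" \
                "${D}/firmware/$atfbin-${TFA_PLATFORM}.bin"
            ln -sf "$atfbin-${TFA_PLATFORM}.bin" "${D}/firmware/$atfbin.bin"
            processed="1"
        fi
        if [ -f "${BUILD_DIR}/$atfbin/$atfbin.elf" ]; then
            echo "Install $atfbin.elf"
            install -m 0644 "${BUILD_DIR}/$atfbin/$atfbin.elf" \
                "${D}/firmware/$atfbin-${TFA_PLATFORM}.elf"
            ln -sf "$atfbin-${TFA_PLATFORM}.elf" "${D}/firmware/$atfbin.elf"
            processed="1"
        fi
        if [ -f "${BUILD_DIR}/$atfbin" ]; then
            echo "Install $atfbin"
            install -m 0644 "${BUILD_DIR}/$atfbin" \
                "${D}/firmware/$atfbin-${TFA_PLATFORM}"
            ln -sf "$atfbin-${TFA_PLATFORM}" "${D}/firmware/$atfbin"
            processed="1"
        fi
        # The last chain decides whether the target counts as handled: a
        # .dtb is installed, "dtbs" and built tools are skipped with a
        # message, and anything not installed above is an error.
        if [ -f "${BUILD_DIR}/fdts/$atfbin.dtb" ]; then
            echo "Install $atfbin.dtb"
            install -m 0644 "${BUILD_DIR}/fdts/$atfbin.dtb" \
                "${D}/firmware/$atfbin.dtb"
            processed="1"
        elif [ "$atfbin" = "dtbs" ]; then
            echo "dtbs install, skipped: set dtbs in TFA_INSTALL_TARGET"
        elif [ -f "${B}/tools/$atfbin/$atfbin" ]; then
            echo "Tools $atfbin install, skipped"
        elif [ "$processed" = "0" ]; then
            bberror "Unsupported TFA_INSTALL_TARGET target $atfbin"
            exit 1
        fi
    done
}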
| 230 | |
# Everything is packaged from /firmware, which is also staged into the
# sysroot so that other recipes can pick the binaries up.
FILES:${PN} = "/firmware"
SYSROOT_DIRS += "/firmware"

# The ELF images go into the -dbg package.
FILES:${PN}-dbg = "/firmware/*.elf"
# Skip QA check for relocations in .text of elf binaries
INSANE_SKIP:${PN}-dbg += "textrel"
# Build paths are currently embedded
# NOTE(review): the skip silences the QA check, it does not remove the paths.
# Embedded build paths make the binaries depend on the build location and
# carry build-host directory names into the packaged firmware.
INSANE_SKIP:${PN} += "buildpaths"
INSANE_SKIP:${PN}-dbg += "buildpaths"
| 240 | |
# Publish everything do_install staged under /firmware to the deploy directory.
do_deploy() {
    cp -r -f ${D}/firmware/* ${DEPLOYDIR}/
}
# do_deploy consumes the output of do_install, so it is ordered after it.
addtask deploy after do_install
| 245 | |
# vendor:product names used to match this recipe against CVE data. Several
# spellings of the project name are listed so that entries filed under any
# of them are attributed to this recipe.
CVE_PRODUCT = "arm:arm-trusted-firmware \
               arm:trusted_firmware-a \
               arm:arm_trusted_firmware \
               arm_trusted_firmware_project:arm_trusted_firmware"